Access control for healthcare data using extended XACML-SRBAC model

Author(s):  
A. A. Abd El-Aziz ◽  
A. Kannan

2016 ◽  
Vol 9 (3) ◽  
pp. 157
Author(s):  
Esmaeil Mehraeen ◽  
Marjan Ghazisaeedi ◽  
Jebraeil Farzi ◽  
Saghar Mirshekari

BACKGROUND: Healthcare data are very sensitive records that should not be made available to unauthorized people in order for protecting patient's information security. However, in progressed technologies as cloud computing which are vulnerable to cyber gaps that pose an adverse impact on the security and privacy of patients’ electronic health records and in these situations, security challenges of the wireless networks need to be carefully understood and considered. Recently, security concerns in cloud computing environment are a matter of challenge with rising importance.

OBJECTIVE: In this study a systematic review to investigate the security challenges in cloud computing was carried out. We focused mainly on healthcare cloud computing security with an organized review of 210 full text articles published between 2000 and 2015.

METHOD: A systematic literature review was conducted including PubMed, Science direct, Embase, ProQuest, Web of science, Cochrane, Emerald, and Scopus databases.

FINDINGS: Using the strategies described, 666 references retrieved (for research question one 365, research question two 201, and research question three 100 references).

IMPROVEMENTS: Review of articles showed that for ensuring healthcare data security, it is important to provide authentication, authorization and access control within cloud's virtualized network. Issues such as identity management and access control, Internet-based access, authentication and authorization and cybercriminals are major concerns in healthcare cloud computing. To manage these issues many involved events such as Hybrid Execution Model, VCC-SSF, sHype Hypervisor Security Architecture, Identity Management, and Resource Isolation approaches have to be defined for using cloud computing threat management processes.


2021 ◽  
pp. 1-13
Author(s):  
Evgenia Psarra ◽  
Yiannis Verginadis ◽  
Ioannis Patiniotakis ◽  
Dimitris Apostolou ◽  
Gregoris Mentzas

In emergency situations, different actors involved in first aid services should be authorized to retrieve information from the patient’s Electronic Health Records (EHRs). The research objectives of this work involve the development and implementation of methods to characterise emergency situations requiring extraordinary access to healthcare data. The aim is to implement such methods based on contextual information pertaining to specific patients and emergency situations and also leveraging personalisation aspects which enable the efficient access control on sensitive data during emergencies. The Attribute Based Access Control paradigm is used in order to grant access to EHRs based on contextual information. We introduce an ABAC approach using personalized context handlers, in which raw contextual information can be uplifted in order to recognize critical situations and grant access to healthcare data. Results indicate that context-aware ABAC is a very effective method for detecting critical situations that require emergency access to personal health records. In comparison to RBAC implementations of emergency access control to EHRs, the proposed ABAC implementation leverages contextual information pertaining to the specific patient and emergency situations. Contextual information increases the capability of ABAC to recognize critical situations and grant access to healthcare data.


2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Pedro Moura ◽  
Paulo Fazendeiro ◽  
Pedro R. M. Inácio ◽  
Pedro Vieira-Marques ◽  
Ana Ferreira

Background. Smartphones can tackle healthcare stakeholders’ diverse needs. Nonetheless, the risk of data disclosure/breach can be higher when using such devices, due to the lack of adequate security and the fact that a medical record has a significant higher financial value when compared with other records. Means to assess those risks are required for every mHealth application interaction, dependent and independent of its goals/content. Objective. To present a risk assessment feature integration into the SoTRAACE (Socio-Technical Risk-Adaptable Access Control) model, as well as the operationalization of the related mobile health decision policies. Methods. Since there is still a lack of a definition for health data security categorization, a Delphi study with security experts was performed for this purpose, to reflect the knowledge of security experts and to be closer to real-life situations and their associated risks. Results. The Delphi study allowed a consensus to be reached on eleven risk factors of information security related to mobile applications that can easily be adapted into the described SoTRAACE prototype. Within those risk factors, the most significant five, as assessed by the experts, and in descending order of risk level, are as follows: (1) security in the communication (e.g., used security protocols), (2) behavioural differences (e.g., different or outlier patterns of behaviour detected for a user), (3) type of wireless connection and respective encryption, (4) resource sensitivity, and (5) device threat level (e.g., known vulnerabilities associated to a device or its operating system). Conclusions. Building adaptable, risk-aware resilient access control models into the most generalized technology used nowadays (e.g., smartphones) is crucial to fulfil both the goals of users as well as security and privacy requirements for healthcare data.


2021 ◽  
Vol 25 (2) ◽  
pp. 485-516
Author(s):  
Zoltán Szabó ◽  
Vilmos Bilicki

Since the advent of smartphones, IoT and cloud computing, we have seen an industry-wide requirement to integrate different healthcare applications with each other and with the cloud, connecting multiple institutions or even countries. But despite these trends, the domain of access control and security of sensitive healthcare data still raises a serious challenge for multiple developers and lacks the necessary definitions to create a general security framework addressing these issues. Taking into account newer, more special cases, such as the popular heterogeneous infrastructures with a combination of public and private clouds, fog computing, Internet of Things, the area becomes more and more complicated. In this paper we will introduce a categorization of these required policies, describe an infrastructure as a possible solution to these security challenges, and finally evaluate it with a set of policies based on real-world requirements.

